General

  • Target

    BoosterX.exe

  • Size

    31.6MB

  • Sample

    240518-rzbm3sgc55

  • MD5

    4fbf426a08cc872e70da9a2d1370bafe

  • SHA1

    e55ce381f81f644aeebb0760abb2c25f1dcf7a3d

  • SHA256

    d51335c79bda0192cb99154d5885a3039e480d8f66f7c8e682560644a007e837

  • SHA512

    2cd8d76f411db3e14d1d754989eebac85bf6680ecea9579676b93b3e880e4ccafa893c957eb2a34ff12aa6f55bb23e099e19a123074b762b7c05ce152b9bb4bd

  • SSDEEP

    786432:YxghBYAEz1/SyAqmpMuJOe3wrgtXX3KMzbCqiiov9SKUMN7N8RSa/:YxgW1EqmpMuJDztXZOqmv7Ux

Targets

    • Disables service(s)

    • Modifies Windows Defender notification settings

    • Modifies boot configuration data using bcdedit

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, then technique (ATT&CK ID) with the number of matching behaviors:

  • Execution

    System Services (T1569): 1
    Service Execution (T1569.002): 1

  • Persistence

    Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2

  • Privilege Escalation

    Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2

  • Defense Evasion

    Modify Registry (T1112): 2
    Impair Defenses (T1562): 1
    Disable or Modify Tools (T1562.001): 1
    File and Directory Permissions Modification (T1222): 1
    Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1

  • Discovery

    System Information Discovery (T1082): 5
    Query Registry (T1012): 5
    Peripheral Device Discovery (T1120): 1

  • Impact

    Service Stop (T1489): 1